Default Process Security Parameters

APPENDIX B

Privileges for Built-in Processes


   Windows ships with a large number of built-in processes, although many are not installed in a default installation. In some cases, it is highly interesting to know what privileges these processes have, what accounts they have in their tokens, and what the access control list (ACL) on the process itself is. This table summarizes these parameters for a stand-alone Windows Vista Ultimate x86 system with all optional components installed. The data below shows a start mode for each service. This is the mode the service will have if it is installed. Some of these services are not installed by default.

   Note that a large number of the default services run within one of the svchost processes. The process name for these is listed as "svchost <svchost instance name>" below. In Windows Vista, services within a single svchost instance do not necessarily share the same token.

   Most processes have a logon session ID in their token as well. This is denoted as Logon SID in the table below. The actual SID in the Logon SID differs each time the process is executed.

   Services in Windows Vista can specify the privileges they need. You can see this data using the sc qprivs command. Since many services run in the same process as other services, however, the token they run under often includes more privileges than they requested. The data below shows the requested privileges, if the service specified them, and the actual privileges in the service's process token.

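
The following is an added example, not part of the original appendix. It parses `sc qprivs` output for BFE and DPS, which the table lists in the same svchost LocalServiceNoNetwork process, and reports which privileges in the shared token each service did not request. The `sc qprivs` text is constructed from the table's values, and the function names are illustrative.

```python
import re

# Constructed sample: `sc qprivs <service>` output laid out the way sc.exe
# prints it, filled with the Requested Privileges the table gives for two
# services hosted in "svchost LocalServiceNoNetwork".
SC_QPRIVS_OUTPUT = {
    "BFE": """\
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: BFE
        PRIVILEGES       : SeAuditPrivilege
                         : SeImpersonatePrivilege
""",
    "DPS": """\
[SC] QueryServiceConfig2 SUCCESS

SERVICE_NAME: DPS
        PRIVILEGES       : SeAssignPrimaryTokenPrivilege
                         : SeChangeNotifyPrivilege
                         : SeCreateGlobalPrivilege
                         : SeImpersonatePrivilege
""",
}

# Assigned Privileges of the shared process token, copied from the table
# entries for BFE and DPS (both list the same six privileges).
PROCESS_TOKEN_PRIVILEGES = {
    "SeAssignPrimaryTokenPrivilege",
    "SeAuditPrivilege",
    "SeChangeNotifyPrivilege",
    "SeCreateGlobalPrivilege",
    "SeImpersonatePrivilege",
    "SeIncreaseQuotaPrivilege",
}


def parse_qprivs(text):
    """Return (service_name, set_of_requested_privileges) from sc qprivs text.

    A service that declared no privileges prints an empty PRIVILEGES field,
    which yields an empty set.
    """
    name, privs, in_privs = None, set(), False
    for line in text.splitlines():
        m = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if m:
            name = m.group(1)
            continue
        m = re.match(r"\s*PRIVILEGES\s*:\s*(\S*)", line)
        if m:
            in_privs = True
            if m.group(1):
                privs.add(m.group(1))
            continue
        m = re.match(r"\s*:\s*(\S+)", line)
        if in_privs and m:
            privs.add(m.group(1))  # continuation line of the PRIVILEGES field
        elif line.strip():
            in_privs = False
    return name, privs


def audit_shared_process(qprivs_outputs, token_privileges):
    """Compare what each hosted service requested with the process token."""
    requested = dict(parse_qprivs(text) for text in qprivs_outputs)
    union = set().union(*requested.values()) if requested else set()
    token = set(token_privileges)
    return {
        # Privileges a service can use only because it shares the process.
        "surplus_per_service": {
            name: sorted(token - privs) for name, privs in requested.items()
        },
        # In the token, but requested by none of the services examined:
        # they come from co-hosted services that were not queried.
        "unexplained": sorted(token - union),
        # Requested, but absent from the token actually observed.
        "missing": sorted(union - token),
    }


if __name__ == "__main__":
    report = audit_shared_process(SC_QPRIVS_OUTPUT.values(),
                                  PROCESS_TOKEN_PRIVILEGES)
    for service, extra in report["surplus_per_service"].items():
        print(f"{service}: not requested but present: {', '.join(extra)}")
    print("requested by neither service:", ", ".join(report["unexplained"]))
```

On a live system the dictionary values would come from running `sc qprivs` for every service in the svchost instance, and the token set from a process viewer.
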
ActiveX Installer (AxInstSv)

Process
  Svchost AxInstSvGroup
Service Name
  AxInstSV
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AxInstSvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Application Experience

Process
  Svchost netsvcs
Service Name
  AeLookupSvc
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Application Information

Process
  Svchost netsvcs
Service Name
  Appinfo
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Malicious Software Removal Tool

Process
  Mrt.exe
Service Name
  N/A
Default Start mode
  Runs during auto-update as a child of wuauserv
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Application Layer Gateway Service

Process
  Alg.exe
Service Name
  ALG
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\ALG
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Application Management

Process
  Svchost netsvcs
Service Name
  AppMgmt
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeShutdownPrivilege
  SeTakeOwnershipPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



ASP.NET State Service

Process
  Aspnet_state.exe
Service Name
  Aspnet_state
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\aspnet_state
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Background Intelligent Transfer Service

Process
  Svchost netsvcs
Service Name
  BITS
Default Start mode
  Automatic (Delayed Start)
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Base Filtering Engine

Process
  Svchost LocalServiceNoNetwork
Service Name
  BFE
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeAuditPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\BFE
  NT SERVICE\BFE, Restricted
  NT SERVICE\DPS
  NT SERVICE\DPS, Restricted
  NT SERVICE\ehstart
  NT SERVICE\ehstart, Restricted
  NT SERVICE\MpsSvc
  NT SERVICE\MpsSvc, Restricted
  NT SERVICE\pla
  NT SERVICE\pla, Restricted
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Block Level Backup Engine Service

Process
  Wbengine.exe
Service Name
  wbengine
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeBackupPrivilege
  SeImpersonatePrivilege
  SeManageVolumePrivilege
  SeRestorePrivilege
Assigned Privileges
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeManageVolumePrivilege
  SeRestorePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  Logon SID: Full Control
  Administrators: SYNCHRONIZE, Terminate, Read Memory, PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read Permissions



Certificate Propagation

Process
  Svchost netsvcs
Service Name
  CertPropSvc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Client for NFS

Process
  Nfsclnt.exe
Service Name
  NfsClnt
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\NfsClnt
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



CNG Key Isolation

Process
  Lsass.exe
Service Name
  KeyIso
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeCreateTokenPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRelabelPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeTrustedCredManAccessPrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  Logon SID: Full Control
  Administrators: Terminate, Read Memory, PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read Permissions, SYNCHRONIZE



COM+ Event System

Process
  Svchost LocalService
Service Name
  EventSystem
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



COM+ System Application

Process
  dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Service Name
  ComSysApp
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  SYSTEM: Full Control
  Administrators: Terminate, Read Memory, Query Information, Read Permissions


Computer Browser

Process
  Svchost netsvcs
Service Name
  Browser
Default Start mode
  Automatic (all functionality disabled and service stopped unless network discovery is enabled)
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Cryptographic Services

Process
  Svchost NetworkService
Service Name
  CryptSvc
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



DCOM Server Process Launcher

Process
  Svchost DcomLaunch
Service Name
  DcomLaunch
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\PlugPlay
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Desktop Window Manager Session Manager

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  UxSms
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeCreateGlobalPrivilege
  SeIncreaseQuotaPrivilege
  SeSecurityPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



DFS Replication

Process
  DFSR.exe
Service Name
  DFSR
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeBackupPrivilege
  SeImpersonatePrivilege
  SeLoadDriverPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\DFSR
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



DHCP Client

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  Dhcp
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Diagnostic Policy Service

Process
  Svchost LocalServiceNoNetwork
Service Name
  DPS
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\BFE
  NT SERVICE\BFE, Restricted
  NT SERVICE\DPS
  NT SERVICE\DPS, Restricted
  NT SERVICE\ehstart
  NT SERVICE\ehstart, Restricted
  NT SERVICE\MpsSvc
  NT SERVICE\MpsSvc, Restricted
  NT SERVICE\pla
  NT SERVICE\pla, Restricted
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION


Diagnostic Service Host

Process
  Svchost wdisvc
Service Name
  WdiServiceHost
Default Start mode
  Manual (only started automatically by diagnostic processes, including the "Diagnose and repair" option on network connections)
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WdiServiceHost
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Diagnostic System Host

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  WdiSystemHost
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeProfileSingleProcessPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Distributed Link Tracking Client

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  TrkWks
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeImpersonatePrivilege
  SeRestorePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Distributed Transaction Coordinator

Process
  Msdtc.exe
Service Name
  MSDTC
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\MSDTC
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



DNS Client

Process
  Svchost NetworkService
Service Name
  Dnscache
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Extensible Authentication Protocol

Process
  Svchost netsvcs
Service Name
  EapHost
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Fax

Process
  Fxssvc.exe
Service Name
  Fax
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Fax
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



FTP Publishing Service

Process
  Inetinfo.exe
Service Name
  MSFTPSVC
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  SYSTEM: Full Control
  Administrators: Terminate, Read Memory, Query Information, Read Permissions



Function Discovery Provider Host

Process
  Svchost LocalService
Service Name
  fdPHost
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Function Discovery Resource Publication

Process
  Svchost LocalService
Service Name
  FDResPub
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Group Policy Client

Process
  Svchost netsvcs
Service Name
  gpsvc
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Health Key and Certificate Management

Process
  Svchost netsvcs
Service Name
  hkmsvc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Human Interface Device Access

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  hidserv
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



IIS Admin Service

Process
  Inetinfo.exe
Service Name
  IISADMIN
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  SYSTEM: Full Control
  Administrators: Terminate, Read Memory, Query Information, Read Permissions



IKE and AuthIP IPsec Keying Modules

Process
  Svchost netsvcs
Service Name
  IKEEXT
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Indexing Service

Process
  Cisvc.exe
Service Name
  CISVC
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemProfilePrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  Logon SID: Full Control
  Administrators: Terminate, Read Memory, Query Information, Read Permissions



Interactive Services Detection

Process
  UI0Detect.exe
Service Name
  UI0Detect
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeDebugPrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\UI0Detect
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION


Internet Connection Sharing (ICS)

Process
  Svchost netsvcs
Service Name
  SharedAccess
Default Start mode
  Disabled until Internet Connection Sharing is turned on, then Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeLoadDriverPrivilege
  SeTakeOwnershipPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



IP Helper

Process
  Svchost netsvcs
Service Name
  iphlpsvc
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



IPsec Policy Agent

Process
  Svchost NetworkServiceNetworkRestricted
Service Name
  PolicyAgent
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\PolicyAgent
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



KtmRm for Distributed Transactions Coordinator

Process
  Svchost NetworkService
Service Name
  KtmRm
Default Start mode
  Automatic (Delayed Start)
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Link-Layer Topology Discovery Mapper

Process
  Svchost LocalService
Service Name
  Lltdsvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Message Queuing

Process
  Mqsvc.exe
Service Name
  MSMQ
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\MSMQ
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Message Queuing Triggers

Process
  Mqtgsvc.exe
Service Name
  MSMQTriggers
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\MSMQTriggers
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Microsoft .NET Framework NGEN v2.0.50727_X86

Process
  mscorsvw.exe
Service Name
  clr_optimization_v2.0.50727_32
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  System: Full Control
  Administrators: Terminate, Read Memory, Query Information, Read Permissions



Microsoft iSCSI Initiator Service

Process
  Svchost netsvcs
Service Name
  MSiSCSI
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Microsoft Software Shadow Copy Provider

Process
  Svchost swprv
Service Name
  swprv
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeManageVolumePrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeManageVolumePrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  System: Full Control
  Administrators: Terminate, Read Memory, Query Information, Read Permissions



Multimedia Class Scheduler

Process
  Svchost netsvcs
Service Name
  MMCSS
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeIncreaseBasePriorityPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Net.Msmq Listener Adapter

Process
  SMSvcHost.exe NetMsmqActivator
Service Name
  NetMsmqActivator
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\NetMsmqActivator, Restricted
  NT SERVICE\NetMsmqActivator
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Net.Pipe Listener Adapter

Process
  SMSvcHost.exe
Service Name
  NetPipeActivator
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\NetPipeActivator, Restricted
  NT SERVICE\NetPipeActivator
  NT SERVICE\NetTcpActivator, Restricted
  NT SERVICE\NetTcpActivator
  NT SERVICE\NetTcpPortSharing, Restricted
  NT SERVICE\NetTcpPortSharing
ACL
  SYSTEM: Query Information
  LOCAL SERVICE: Query Information
  NETWORK SERVICE: Query Information
  IIS_IUSRS: Query Information
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Net.Tcp Listener Adapter

Process
  SMSvcHost.exe
Service Name
  NetTcpActivator
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\NetPipeActivator, Restricted
  NT SERVICE\NetPipeActivator
  NT SERVICE\NetTcpActivator, Restricted
  NT SERVICE\NetTcpActivator
  NT SERVICE\NetTcpPortSharing, Restricted
  NT SERVICE\NetTcpPortSharing
ACL
  SYSTEM: Query Information
  LOCAL SERVICE: Query Information
  NETWORK SERVICE: Query Information
  IIS_IUSRS: Query Information
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Net.Tcp Port Sharing Service

Process
  SMSvcHost.exe
Service Name
  NetTcpPortSharing
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\NetPipeActivator, Restricted
  NT SERVICE\NetPipeActivator
  NT SERVICE\NetTcpActivator, Restricted
  NT SERVICE\NetTcpActivator
  NT SERVICE\NetTcpPortSharing, Restricted
  NT SERVICE\NetTcpPortSharing
ACL
  SYSTEM: Query Information
  LOCAL SERVICE: Query Information
  NETWORK SERVICE: Query Information
  IIS_IUSRS: Query Information
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Netlogon

Process
  Lsass.exe
Service Name
  Netlogon
Default Start mode
  Automatic (on domain-joined computers only)
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeCreateTokenPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRelabelPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeTrustedCredManAccessPrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  Logon SID: Full Control
  Administrators: Terminate, Read Memory, PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read Permissions, SYNCHRONIZE



Network Access Protection Agent

Process
  Svchost NetworkService
Service Name
  napagent
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Network Connections

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  NetMan
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeImpersonatePrivilege
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Network List Service

Process
  Svchost LocalService
Service Name
  netprofm
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Network Location Awareness

Process
  Svchost NetworkService
Service Name
  NlaSvc
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeAuditPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Network Store Interface Service

Process
  Svchost LocalService
Service Name
  nsi
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Offline Files

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  CscService
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Parental Controls

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  WPCSvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION


Peer Name Resolution Protocol

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  PNRPsvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Peer Networking Grouping

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  p2psvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Peer Networking Identity Manager

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  p2pimsvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Performance Logs & Alerts

Process
  Svchost LocalServiceNoNetwork
Service Name
  pla
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\BFE
  NT SERVICE\BFE, Restricted
  NT SERVICE\DPS
  NT SERVICE\DPS, Restricted
  NT SERVICE\ehstart
  NT SERVICE\ehstart, Restricted
  NT SERVICE\MpsSvc
  NT SERVICE\MpsSvc, Restricted
  NT SERVICE\pla
  NT SERVICE\pla, Restricted
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Plug and Play

Process
  Svchost DcomLaunch
Service Name
  PlugPlay
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeLoadDriverPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeUndockPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\PlugPlay
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



PnP-X IP Bus Enumerator

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  IPBusEnum
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeLoadDriverPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



PNRP Machine Name Publication Service

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  PNRPAutoReg
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Portable Device Enumerator Service

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  WPDBusEnum
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Print Spooler

Process
  Spoolsv.exe
Service Name
  spooler
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeLoadDriverPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Spooler
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Problem Reports and Solutions Control Panel Support

Process
  Svchost netsvcs
Service Name
  wercplsupport
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Program Compatibility Assistant Service

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  PcaSvc
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeDebugPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Protected Storage

Process
  Lsass.exe
Service Name
  ProtectedStorage
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeCreateTokenPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRelabelPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeTrustedCredManAccessPrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  Logon SID: Full Control
  Administrators: Terminate, Read Memory, PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read Permissions, SYNCHRONIZE



Quality Windows Audio Video Experience

Process
  Svchost LocalService
Service Name
  QWAVE
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



ReadyBoost

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  EMDMgmt
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Remote Access Auto Connection Manager

Process
  Svchost netsvcs
Service Name
  RasAuto
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Remote Access Connection Manager

Process
  Svchost netsvcs
Service Name
  RasMan
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Remote Procedure Call (RPC)

Process
  Svchost rpcss
Service Name
  RpcSs
Default Start mode
  Automatic
Process Identity
  Network Service
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\RpcSs
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Remote Procedure Call (RPC) Locator

Process
  Locator.exe
Service Name
  RpcLocator
Default Start mode
  Manual
Process Identity
  Network Service
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Remote Registry

Process
  Svchost regsvc
Service Name
  RemoteRegistry
Default Start mode
  Manual
Process Identity
  Local Service
Requested Privileges
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\RemoteRegistry
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Removable Storage

Process
  Svchost rsmsvcs
Service Name
  NtmsSvc
Default Start mode
  Manual
Process Identity
  Local System
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeLockMemoryPrivilege
  SeProfileSingleProcessPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeLockMemoryPrivilege
  SeProfileSingleProcessPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\NtmsSvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



RIP Listener

Process
  Svchost ipripsvc
Service Name
  iprip
Default Start mode
  Automatic
Process Identity
  Local Service
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\iprip
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Routing and Remote Access

Process
  Svchost netsvcs
Service Name
  RemoteAccess
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeLoadDriverPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Secondary Logon

Process
  Svchost netsvcs
Service Name
  seclogon
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeBackupPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Security Accounts Manager

Process
  Lsass.exe
Service Name
  SamSs
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeCreateTokenPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRelabelPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeTrustedCredManAccessPrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  Logon SID: Full Control
  Administrators: Terminate, Read Memory, PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read Permissions, SYNCHRONIZE



Security Center

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  wscsvc
Default Start mode
  Automatic (Delayed Start)
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Label
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Server

Process
  Svchost netsvcs
Service Name
  LanmanServer
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Shell Hardware Detection

Process
  Svchost netsvcs
Service Name
  ShellHWDetection
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Simple TCP/IP Services

Process
  Tcpsvcs.exe
Service Name
  simptcp
Default Start mode
  Automatic
Process Identity
  Local Service
Requested Privileges
  SeAuditPrivilege
  SeCreateGlobalPrivilege
Assigned Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\simptcp
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



SL UI Notification Service

Process
  Svchost LocalService
Service Name
  SLUINotify
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Smart Card

Process
  Svchost LocalService
Service Name
  SCardSvr
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Smart Card Removal Policy

Process
  Svchost netsvcs
Service Name
  SCPolicySvc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



SNMP Service

Process
  Snmp.exe
Service Name
  SNMP
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeChangeNotifyPrivilege
  SeSecurityPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\SNMP
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



SNMP Trap

Process
  Snmptrap.exe
Service Name
  SNMPTRAP
Default Start mode
  Manual
Process Identity
  Local Service
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\SNMPTRAP
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Software Licensing

Process
  Slsvc.exe
Service Name
  slsvc
Default Start mode
  Automatic
Process Identity
  Network Service
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\slsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



SSDP Discovery

Process
  Svchost LocalService
Service Name
  SSDPSRV
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Superfetch

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  SysMain
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeDebugPrivilege
  SeProfileSingleProcessPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Label
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



System Event Notification Service

Process
  Svchost netsvcs
Service Name
  SENS
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Tablet PC Input Service

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  TabletInputService
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Label
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Task Scheduler

Process
  Svchost netsvcs
Service Name
  Schedule
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



TCP/IP NetBIOS Helper

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  lmhosts
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Label
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



TCP/IP Print Server

Process
  Svchost LPDService
Service Name
  LPDSVC
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Label
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\LPDSVC
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Telephony

Process
  Svchost NetworkService
Service Name
  TapiSrv
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Telnet Server

Process
  Tlntsvr.exe
Service Name
  TlntSvr
Default Start mode
  Automatic
Process Identity
  Local Service
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\TlntSvr
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Terminal Services

Process
  Svchost NetworkService
Service Name
  TermService
Default Start mode
  Automatic
Process Identity
  NetworkService
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Terminal Services Configuration

Process
  Svchost netsvcs
Service Name
  SessionEnv
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Terminal Services UserMode Port Redirector

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  UmRdpService
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Label
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Themes

Process
  Svchost netsvcs
Service Name
  Themes
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Thread Ordering Server

Process
  Svchost LocalService
Service Name
  THREADORDER
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



TPM Base Services

Process
  Svchost LocalService
Service Name
  TBS
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



UPnP Device Host

Process
  Svchost LocalService
Service Name
  upnphost
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



User Profile Service

Process
  Svchost netsvcs
Service Name
  ProfSvc
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeBackupPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Virtual Disk

Process
  vds.exe
Service Name
  vds
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\vds
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Volume Shadow Copy

Process
  Vssvc.exe
Service Name
  VSS
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  LocalSystem: Full Control
  Administrators: SYNCHRONIZE, Terminate, Read Memory, Query Information,
PROCESS_QUERY_LIMITED_INFORMATION, Read Permissions



Web Management Service

Process
  Wmsvc.exe
Service Name
  WMSvc
Default Start mode
  Manual
Process Identity
  Local Service
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WMSvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



WebClient

Process
  Svchost LocalService
Service Name
  WebClient
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeImpersonatePrivilege
  SeCreateGlobalPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Audio

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  Audiosrv
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Audio Endpoint Builder

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  AudioEndpointBuilder
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Backup

Process
  Svchost SDRSVC
Service Name
  SDRSVC
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\SDRSVC
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows CardSpace

Process
  %windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
Service Name
  idsvc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeBackupPrivilege
  SeImpersonatePrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeBackupPrivilege
  SeImpersonatePrivilege
  SeRestorePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\idsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION
  INTERACTIVE: SYNCHRONIZE



Windows Color System

Process
  Svchost wcssvc
Service Name
  WcsPlugInService
Default Start mode
  Manual
Process Identity
  Local Service
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WcsPlugInService
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Connect Now - Config Registrar

Process
  Svchost LocalService
Service Name
  wcncsvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Defender

Process
  Svchost secsvcs
Service Name
  WinDefend
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
Assigned Privileges
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WinDefend
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Driver Foundation - User-mode Driver Framework

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  wudfsvc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Error Reporting Service

Process
  Svchost WerSvcGroup
Service Name
  WerSvc
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WerSvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Event Collector

Process
  Svchost NetworkService
Service Name
  Wecsvc
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Event Log

Process
  Svchost LocalServiceNetworkRestricted
Service Name
  Eventlog
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseWorkingSetPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\Audiosrv
  NT SERVICE\Dhcp
  NT SERVICE\Eventlog
  NT SERVICE\lmhosts
  NT SERVICE\p2pimsvc
  NT SERVICE\p2psvc
  NT SERVICE\PNRPAutoReg
  NT SERVICE\PNRPsvc
  NT SERVICE\WPCSvc
  NT SERVICE\wscsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Firewall

Process
  Svchost LocalServiceNoNetwork
Service Name
  MpsSvc
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\BFE
  NT SERVICE\BFE, Restricted
  NT SERVICE\DPS
  NT SERVICE\DPS, Restricted
  NT SERVICE\ehstart
  NT SERVICE\ehstart, Restricted
  NT SERVICE\MpsSvc
  NT SERVICE\MpsSvc, Restricted
  NT SERVICE\pla
  NT SERVICE\pla, Restricted
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Image Acquisition (WIA)

Process
  Svchost imgsvc
Service Name
  stisvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION
  LOCAL: SYNCHRONIZE, read permissions



Windows Installer

Process
  Msiexec.exe
Service Name
  msiserver
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\msiserver
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Management Instrumentation

Process
  Svchost netsvcs
Service Name
  Winmgmt
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Media Center Extender Service

Process
  Svchost LocalService
Service Name
  Mcx2Svc
Default Start mode
  Disabled
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Media Center Receiver Service

Process
  ehRecvr.exe
Service Name
  ehRecvr
Default Start mode
  Manual
Process Identity
  Network Service
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\ehRecvr
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Media Center Scheduler Service

Process
  ehsched.exe
Service Name
  ehSched
Default Start mode
  Manual
Process Identity
  Network Service
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\ehSched
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Media Center Service Launcher

Process
  Svchost LocalServiceNoNetwork
Service Name
  ehstart
Default Start mode
  Automatic (Delayed Start)
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  Everyone, Restricted
  LOCAL
  Logon SID
  Logon SID, Restricted
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT AUTHORITY\WRITE RESTRICTED, Restricted
  NT AUTHORITY\WRITE RESTRICTED
  NT SERVICE\BFE
  NT SERVICE\BFE, Restricted
  NT SERVICE\DPS
  NT SERVICE\DPS, Restricted
  NT SERVICE\ehstart
  NT SERVICE\ehstart, Restricted
  NT SERVICE\MpsSvc
  NT SERVICE\MpsSvc, Restricted
  NT SERVICE\pla
  NT SERVICE\pla, Restricted
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Media Player Network Sharing Service

Process
  %ProgramFiles%\Windows Media Player\wmpnetwk.exe
Service Name
  WMPNetworkSvc
Default Start mode
  Manual
Process Identity
  Network Service
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Assigned Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WMPNetworkSvc
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Modules Installer

Process
  %windir%\servicing\TrustedInstaller.exe
Service Name
  TrustedInstaller
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\TrustedInstaller
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Presentation Foundation Font Cache 3.0.0.0

Process
  %windir%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Service Name
  FontCache3.0.0.0
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\FontCache3.0.0.0
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Process Activation Service

Process
  Svchost iissvcs
Service Name
  WAS
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  System: Full Control
  Power Users: SYNCHRONIZE
  Server Operators: SYNCHRONIZE
  Performance Monitor Users: SYNCHRONIZE
  Performance Log Users: SYNCHRONIZE
  Logon SID: Full Control
  Administrators: SYNCHRONIZE, Terminate, Read Memory,
PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read
Permissions



Windows Remote Management (WS-Management)

Process
  Svchost NetworkService
Service Name
  WinRM
Default Start mode
  Manual
Process Identity
  NetworkService
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\CryptSvc
  NT SERVICE\Dnscache
  NT SERVICE\KtmRm
  NT SERVICE\napagent
  NT SERVICE\NlaSvc
  NT SERVICE\TapiSrv
  NT SERVICE\TermService
  NT SERVICE\Wecsvc
  NT SERVICE\WinRM
ACL
  Logon SID: Full Control
  Administrators: Query Information,
PROCESS_QUERY_LIMITED_INFORMATION



Windows Search

Process
  SearchIndexer.exe
Service Name
  WSearch
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeManageVolumePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeManageVolumePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\WSearch
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Windows Time

Process
  Svchost LocalService
Service Name
  W32Time
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeSystemtimePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Windows Update

Process
  Svchost netsvcs
Service Name
  wuauserv
Default Start mode
  Automatic (Delayed Start)
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\BITS
  NT SERVICE\CertPropSvc
  NT SERVICE\EapHost
  NT SERVICE\hkmsvc
  NT SERVICE\IKEEXT
  NT SERVICE\iphlpsvc
  NT SERVICE\LanmanServer
  NT SERVICE\MSiSCSI
  NT SERVICE\RasAuto
  NT SERVICE\RasMan
  NT SERVICE\RemoteAccess
  NT SERVICE\Schedule
  NT SERVICE\SCPolicySvc
  NT SERVICE\SessionEnv
  NT SERVICE\SharedAccess
  NT SERVICE\wercplsupport
  NT SERVICE\Winmgmt
  NT SERVICE\wuauserv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



WinHTTP Web Proxy Auto-Discovery Service

Process
  Svchost LocalService
Service Name
  WinHttpAutoProxySvc
Default Start mode
  Manual
Process Identity
  LocalService
Requested Privileges
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Wired AutoConfig

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  dot3svc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



WLAN AutoConfig

Process
  Svchost LocalSystemNetworkRestricted
Service Name
  Wlansvc
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePermanentPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeLoadDriverPrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\AudioEndpointBuilder
  NT SERVICE\CscService
  NT SERVICE\dot3svc
  NT SERVICE\EMDMgmt
  NT SERVICE\hidserv
  NT SERVICE\IPBusEnum
  NT SERVICE\Netman
  NT SERVICE\PcaSvc
  NT SERVICE\TabletInputService
  NT SERVICE\TrkWks
  NT SERVICE\UMRdpService
  NT SERVICE\UxSMS
  NT SERVICE\WdiSystemHost
  NT SERVICE\Wlansvc
  NT SERVICE\WPDBusEnum
  NT SERVICE\wudfsvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



WMI Performance Adapter

Process
  %windir%\system32\wbem\WmiApSrv.exe
Service Name
  wmiApSrv
Default Start mode
  Manual
Process Identity
  LocalSystem
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeCreatePagefilePrivilege
  SeCreatePermanentPrivilege
  SeCreateSymbolicLinkPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseBasePriorityPrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeLoadDriverPrivilege
  SeLockMemoryPrivilege
  SeManageVolumePrivilege
  SeProfileSingleProcessPrivilege
  SeRestorePrivilege
  SeSecurityPrivilege
  SeShutdownPrivilege
  SeSystemEnvironmentPrivilege
  SeSystemProfilePrivilege
  SeSystemtimePrivilege
  SeTakeOwnershipPrivilege
  SeTcbPrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\wmiApSrv
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



Workstation

Process
  Svchost LocalService
Service Name
  LanmanWorkstation
Default Start mode
  Automatic
Process Identity
  LocalService
Requested Privileges
  N/A
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeIncreaseWorkingSetPrivilege
  SeShutdownPrivilege
  SeSystemtimePrivilege
  SeTimeZonePrivilege
  SeUndockPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Users
  Everyone
  LOCAL
  Logon SID
  NT AUTHORITY\Authenticated Users
  NT AUTHORITY\SERVICE
  NT AUTHORITY\This Organization
  NT SERVICE\EventSystem
  NT SERVICE\fdpHost
  NT SERVICE\FDResPub
  NT SERVICE\LanmanWorkstation
  NT SERVICE\lltdsvc
  NT SERVICE\Mcx2Svc
  NT SERVICE\netprofm
  NT SERVICE\nsi
  NT SERVICE\QWAVE
  NT SERVICE\SCardSvr
  NT SERVICE\SLUINotify
  NT SERVICE\SSDPSRV
  NT SERVICE\TBS
  NT SERVICE\THREADORDER
  NT SERVICE\upnphost
  NT SERVICE\W32Time
  NT SERVICE\wcncsvc
  NT SERVICE\WebClient
  NT SERVICE\WinHttpAutoProxySvc
ACL
  Logon SID: Full Control
  Administrators: Query Information, PROCESS_QUERY_LIMITED_INFORMATION



World Wide Web Publishing Service

Process
  Svchost iissvcs
Service Name
  W3SVC
Default Start mode
  Automatic
Process Identity
  LocalSystem
Requested Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Assigned Privileges
  SeAssignPrimaryTokenPrivilege
  SeAuditPrivilege
  SeBackupPrivilege
  SeChangeNotifyPrivilege
  SeCreateGlobalPrivilege
  SeDebugPrivilege
  SeImpersonatePrivilege
  SeIncreaseQuotaPrivilege
  SeRestorePrivilege
  SeTcbPrivilege
Integrity Level
  System
Token Groups
  BUILTIN\Administrators
  Everyone
  NT AUTHORITY\Authenticated Users
ACL
  System: Full Control
  Power Users: SYNCHRONIZE
  Server Operators: SYNCHRONIZE
  Performance Monitor Users: SYNCHRONIZE
  Performance Log Users: SYNCHRONIZE
  Logon SID: Full Control
  Administrators: SYNCHRONIZE, Terminate, Read Memory, PROCESS_QUERY_LIMITED_INFORMATION, Query Information, Read Permissions

				